Summary: Google has issued urgent patches for a high-severity vulnerability (CVE-2025-2783) affecting its Chrome browser on Windows, which has been exploited in attacks, particularly against Russian organizations. The flaw is linked to Mojo, Google's IPC library, and poses risks such as sandbox escapes and privilege escalation. In response, Google has updated the Stable channel of Chrome to versions 134.0.6998.177/.178 for Windows.
Affected: Google Chrome browser for Windows
Key points:
- Vulnerability CVE-2025-2783 was reported by Kaspersky researchers on March 20, 2025.
- This flaw involves an incorrect handle in Mojo on Windows, affecting secure communication.
- Google has acknowledged that exploits for this vulnerability exist in the wild.
- The Chrome Stable channel update will be rolled out gradually in the coming days/weeks.
Source: https://securityaffairs.com/175862/hacking/google-fixed-first-chrome-zero-day-in-2025.html